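<?php
/**
 * Package purchase endpoint: accepts a JSON POST body with "package" (name)
 * and "amount", debits the logged-in user's balance, and records the purchase
 * in `transactions` and `user_packages` inside a single database transaction.
 *
 * Responds with a JSON object: {"success": bool, "message": string}.
 * Requests with any other HTTP method produce no output.
 */
require_once '../../db.php';
redirectIfNotLoggedIn();

// NOTE(review): no CSRF token check is visible in this file. This is a
// state-changing request authenticated by the session, so confirm that
// db.php / redirectIfNotLoggedIn() (or the session cookie's SameSite
// setting) covers cross-site requests.

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!headers_sent()) {
        header('Content-Type: application/json');
    }

    // The body is client-controlled: it may be malformed JSON, a non-object,
    // or missing keys, so read each field defensively.
    $data = json_decode(file_get_contents('php://input'), true);
    $package_name = is_array($data) ? ($data['package'] ?? null) : null;
    $amount = is_array($data) ? ($data['amount'] ?? null) : null;
    $user_id = $_SESSION['user_id'];

    if (!is_string($package_name) || $package_name === '') {
        echo json_encode(['success' => false, 'message' => 'Invalid package.']);
        exit;
    }

    // The amount must be a positive, finite number. Without this check a
    // zero or negative value passes the balance comparison, and
    // "balance - amount" would leave the balance unchanged or increase it.
    if (!is_numeric($amount) || !is_finite((float) $amount) || (float) $amount <= 0) {
        echo json_encode(['success' => false, 'message' => 'Invalid amount.']);
        exit;
    }
    $amount = (float) $amount;

    $stmt = $pdo->prepare("SELECT * FROM packages WHERE name = ?");
    $stmt->execute([$package_name]);
    $package = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$package) {
        echo json_encode(['success' => false, 'message' => 'Package not found.']);
        exit;
    }

    // Use the name as stored in the packages table for everything written below.
    $package_name = $package['name'];

    // NOTE(review): the amount is chosen by the client and is never compared
    // with the package row. If `packages` defines a price or minimum/maximum
    // investment, enforce it here before debiting.

    try {
        $pdo->beginTransaction();

        // Check and debit the balance in one statement against the database.
        // $_SESSION['balance'] is only a cached copy: it can be stale, and
        // two concurrent requests could both pass a session-based check and
        // overdraw the account.
        $stmt = $pdo->prepare(
            "UPDATE users SET balance = balance - ?, package = ? WHERE id = ? AND balance >= ?"
        );
        $stmt->execute([$amount, $package_name, $user_id, $amount]);

        if ($stmt->rowCount() === 0) {
            // No row matched: the balance is too low (or the user row is missing).
            $pdo->rollBack();
            echo json_encode(['success' => false, 'message' => 'Insufficient balance.']);
            exit;
        }

        $stmt = $pdo->prepare(
            "INSERT INTO transactions (user_id, type, amount, description, status) VALUES (?, 'purchase', ?, ?, 'completed')"
        );
        $stmt->execute([$user_id, $amount, "Purchased {$package_name} package"]);

        $stmt = $pdo->prepare(
            "INSERT INTO user_packages (user_id, package_id, investment_amount, expected_return) VALUES (?, ?, ?, ?)"
        );
        $stmt->execute([$user_id, $package['id'], $amount, $package['return_amount']]);

        // Read the authoritative balance back so the session cache matches the database.
        $stmt = $pdo->prepare("SELECT balance FROM users WHERE id = ?");
        $stmt->execute([$user_id]);
        $new_balance = $stmt->fetchColumn();

        $pdo->commit();

        $_SESSION['balance'] = $new_balance;
        $_SESSION['package'] = $package_name;

        echo json_encode(['success' => true, 'message' => 'Package purchased successfully!']);
    } catch (Exception $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        // Keep driver/SQL details in the server log; the exception text can
        // reveal table and column names if returned to the client.
        error_log('Package purchase failed for user ' . $user_id . ': ' . $e->getMessage());
        echo json_encode(['success' => false, 'message' => 'Purchase failed. Please try again later.']);
    }
    // NOTE(review): the rollback path relies on PDO throwing on failure;
    // confirm db.php sets PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION.
}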